Abstract
An emerging consensus among policy makers is that interventions undertaken by Internet Service Providers are the best way to counter the rising incidence of malware. However, assessing the suitability of countermeasures at this scale is hard. In this paper, we use an agent-based model, called ASIM, to investigate the impact of policy interventions at the Autonomous System level of the Internet. For instance, we find that coordinated intervention by the 0.2%-biggest ASes is more effective than uncoordinated efforts adopted by 30% of all ASes. Furthermore, countermeasures that block malicious transit traffic appear more effective than ones that block outgoing traffic. The model allows us to quantify and compare positive externalities created by different countermeasures. Our results give an initial indication of the types and levels of intervention that are most cost-effective at large scale.
Notes
- 1. Code available at http://ftg.lbl.gov/projects/asim.
- 2. Except for the very first agent, of course.
- 3. The population of the location, divided by the number of agents with presence at that location.
- 4.
- 5.
- 6. Data and tools available at http://ftg.lbl.gov/projects/asim.
- 7.
- 8.
- 9. av_degree = 4.2, extent_cost = 1.5, base_income = 5, pop_distr_exp = -1, wickedness = 0.1.
- 10. As of May 2010.
Acknowledgements
The authors gratefully acknowledge the support of DOE grant DE-AC02-05CH11231. Stephanie Forrest acknowledges partial support of DARPA (P-1070-113237), NSF (EF1038682, SHF0905236), and AFOSR (Fa9550-07-1-0532).
Copyright information
© 2013 Springer Science+Business Media New York
About this paper
Cite this paper
Hofmeyr, S., Moore, T., Forrest, S., Edwards, B., Stelle, G. (2013). Modeling Internet-Scale Policies for Cleaning up Malware. In: Schneier, B. (eds) Economics of Information Security and Privacy III. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-1981-5_7
DOI: https://doi.org/10.1007/978-1-4614-1981-5_7
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4614-1980-8
Online ISBN: 978-1-4614-1981-5
eBook Packages: Computer Science, Computer Science (R0)